Security and privacy of online data and services are of utmost concern to most consumers utilizing the Internet or other electronic communication means (collectively online communications). There have been many systems and methods employed to provide security and privacy to the users of online communications. Authentications systems are often used to authenticate and verify the identity of a user attempting to access online stored data.
One such authentication system involves the use of simple password-based authentication/authorization methodologies. The sensitive data protected by this existing authentication system is clearly at risk if the password is determined or the user leaves his communication device open such that unauthorized persons can access or view the stored data. Saved passwords have often led to unauthorized individuals accessing or modifying stored data. A primary disadvantage of passwords is that they must be memorized. These passwords often have to be changed and many times require the use of special characters (e.g., symbols other than alphanumeric characters) which are hard to keep track of by a user.
In another existing authentication system, biometrics is used, which leverages unique characteristics that are attributed to the user to authenticate the user. Biometrics also has several disadvantages. First, specialized, and often expensive, equipment is required to read the users measured physical characteristics. Second, the measuring by the equipment often results in erroneous readings. Additionally, there are various challenges in order for biometric authentication to be viable and non-intrusive in day to day operations. Biometric authentication systems are also subject to spoofing and false classification of biometric readings.
In another existing authentication system, often in conjunction with a password authentication system, is the use of hard tokens. The hard tokens act as a key to access the sensitive online data. However, the user must keep possession of the hard token, which can easily be lost.
Current existing authentication systems merely use a one-time login with occasional screen locks due to inactivity, which requires the re-entry of the password. Even in the case where the user is periodically prompted to change the password, a static password is oftentimes saved in the user environment, which allows another unauthorized person to overcome the password authentication. Moreover, trojans (unauthorized and unnoticed processes that are classified as malware or man-in-the-middle) can steal/collect the history of the passwords and can initiate unauthorized transactions or alter transactions in real time.
Thus, there is a significant need authentication systems and methods that are more robust and less susceptible to theft and unauthorized use.